from Exploit.BaseExploit import *
from Config import config
from concurrent.futures import ThreadPoolExecutor
import requests


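class ParseScan(Exploit):
    """Check task URLs for a "/.php" path-suffix parsing misconfiguration.

    For every unique URL in the task list the scanner fetches the page, takes
    the first ``<img src="...">`` it finds, appends ``/.php`` to that image
    path and requests the result. A 200 response served as ``text/html`` is
    recorded in ``self.parsescanlist``.

    A hit is a candidate, not a confirmation: custom error pages and
    catch-all routes also answer 200 ``text/html``, so each recorded URL needs
    manual verification. Where the finding is real, the usual remediation is
    on the server side (e.g. PHP's ``cgi.fix_pathinfo=0`` and handler mappings
    that only fire for files that exist).
    """

    # Seconds allowed per HTTP request. Without a timeout a single
    # unresponsive host blocks a worker thread indefinitely.
    _REQUEST_TIMEOUT = 10

    def __init__(self, target, clear_task_list):
        """Store the scan target name and the list of task dicts to probe.

        Args:
            target: Name of the assessment target; ``write_file`` uses it as
                the workbook file name.
            clear_task_list: Iterable of dicts, each with at least a ``'url'``
                key.
        """
        super().__init__()
        self.target = target
        self.clear_task_list = clear_task_list
        self.headers = {'User-Agent': 'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36'}
        # Findings collected by exploit(); appended to from worker threads.
        self.parsescanlist = []

    def format_url(self, url, path):
        """Join *url* and *path* with one slash and append the ``/.php`` suffix.

        Slashes are trimmed from the end of *url* and from both ends of
        *path* unconditionally, so a path such as ``"img/a.png/"`` no longer
        produces a doubled slash before ``.php``.
        """
        return url.rstrip('/') + '/' + path.strip('/') + '/.php'

    def write_file(self, web_lists, target, page):
        """Append findings to sheet *page* of ``<abs_path><target>.xlsx``.

        Args:
            web_lists: Sequence of dicts with ``'parse'``, ``'url'`` and
                ``'status'`` keys (the shape stored in ``parsescanlist``).
            target: Used verbatim in the workbook file name.
                NOTE(review): a value containing path separators would
                resolve outside ``abs_path``; confirm callers pass a plain
                name.
            page: Index of the worksheet to append to.
        """
        workbook_path = abs_path + str(target) + ".xlsx"
        workbook = openpyxl.load_workbook(workbook_path)
        try:
            worksheet = workbook.worksheets[page]
            for entry in web_lists:
                worksheet.append([entry['parse'], entry['url'], entry['status']])
            workbook.save(workbook_path)
        finally:
            # Release the file handle even when appending or saving fails.
            workbook.close()

    def _fetch(self, url):
        """GET *url* with the scanner's headers, TLS/redirect config and timeout."""
        # When config.verify_ssl is false the server certificate is not
        # validated, so the response is not proven to come from the named host.
        return requests.get(url, headers=self.headers, verify=config.verify_ssl,
                            allow_redirects=config.allow_redirects,
                            timeout=self._REQUEST_TIMEOUT)

    def exploit(self, url):
        """Probe one URL and record it in ``parsescanlist`` if it looks affected.

        Network errors, pages without an ``<img src>`` tag and image sources
        on other hosts are logged and skipped instead of raising inside the
        worker thread.
        """
        try:
            landing = self._fetch(url)
        except requests.RequestException as err:
            logging.warning("ParseScan: request to %s failed: %s", url, err)
            return

        # chardet reports encoding=None when it cannot classify the bytes;
        # fall back to UTF-8 and replace undecodable bytes rather than abort.
        encoding = chardet.detect(landing.content)['encoding'] or 'utf-8'
        try:
            html = landing.content.decode(encoding, errors='replace')
        except LookupError:
            html = landing.content.decode('utf-8', errors='replace')

        # re.S lets "." span newlines so a tag broken across lines still matches.
        match = re.search(r'<img\ssrc="(.*?)".*?>', html, re.S)
        if match is None:
            logging.info("ParseScan: no <img src> found on %s, skipped", url)
            return
        path = match.group(1)

        if url in path:
            # Absolute image URL that contains the task URL.
            # NOTE(review): this is a substring test, so a host whose name
            # merely begins with the task URL also passes; compare parsed
            # hostnames if strict scoping is required.
            probe_url = path + '/.php'
        elif path.startswith(('http://', 'https://', '//')):
            # The image lives on another origin (CDN, third party). Gluing it
            # onto the task URL would yield a malformed address, and that host
            # is not part of the task list.
            logging.info("ParseScan: image on %s is hosted elsewhere (%s), skipped", url, path)
            return
        else:
            probe_url = self.format_url(url, path)

        print("iis解析模块扫描：", probe_url)
        try:
            resp = self._fetch(probe_url)
        except requests.RequestException as err:
            logging.warning("ParseScan: request to %s failed: %s", probe_url, err)
            return

        # The header may be absent; treat that as "not HTML" instead of
        # failing on a membership test against None.
        content_type = resp.headers.get("Content-Type") or ""
        if 'text/html' in content_type and resp.status_code == 200:
            self.parsescanlist.append({
                'parse': '解析漏洞',
                'url': probe_url,
                'status': resp.status_code
            })

    def main(self):
        """Run ``exploit`` once per distinct task URL on a 10-thread pool."""
        logging.info("ParseScan Start")
        seen_urls = set()
        submitted = []
        # The context manager waits for all workers, as shutdown() did.
        with ThreadPoolExecutor(10) as pool:
            for task in self.clear_task_list:
                url = task['url']
                if url in seen_urls:
                    continue
                seen_urls.add(url)
                submitted.append((url, pool.submit(self.exploit, url)))

        # An exception raised in a worker stays hidden inside its Future
        # unless it is read back; surface it so failed probes are visible.
        for url, future in submitted:
            error = future.exception()
            if error is not None:
                logging.warning("ParseScan: probe of %s raised %r", url, error)

        print(self.parsescanlist)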


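if __name__ == '__main__':
    # Manual test entry point. The task list is a list of dicts; ParseScan
    # only reads the 'url' key. Sample kept from the original (titles
    # translated), showing repeated entries that main() collapses to one:
    # [
    #     {'url': 'https://42.247.33.26', 'title': 'Unified Identity Authentication Platform', 'status': 200, 'frame': None},
    #     {'url': 'https://42.247.33.26', 'title': 'Unified Identity Authentication Platform', 'status': 200, 'frame': None},
    #     {'url': 'https://42.247.33.26', 'title': 'Unified Identity Authentication Platform', 'status': 200, 'frame': None},
    #     {'url': 'https://42.247.33.26', 'title': 'Unified Identity Authentication Platform', 'status': 200, 'frame': None}
    # ]

    # The original passed an undefined name `a`, which raised NameError before
    # any scan started. The entry below is a constructed placeholder on the
    # reserved .example domain; replace it with the real task list.
    a = [
        {'url': 'https://target.example', 'title': 'placeholder', 'status': 200, 'frame': None},
    ]

    ParseScan('nbcc.cn', a).main()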

